Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/netbsd-1-5]: src/crypto/dist/ssh Pull up revisions 1.3-1.4 (requested by...

details:   https://anonhg.NetBSD.org/src/rev/ffd1fad716d8
branches:  netbsd-1-5
changeset: 490701:ffd1fad716d8
user:      he <he%NetBSD.org@localhost>
date:      Mon Feb 26 20:26:52 2001 +0000

description:
Pull up revisions 1.3-1.4 (requested by itojun):
  Update SSH to version found on trunk as of 26 Feb 2001.

diffstat:

 crypto/dist/ssh/cipher.c   |  743 ++++++++++++++++++++++++--------------------
 crypto/dist/ssh/deattack.c |   26 +-
 2 files changed, 415 insertions(+), 354 deletions(-)

diffs (truncated from 914 to 300 lines):

diff -r fd9dd50a4388 -r ffd1fad716d8 crypto/dist/ssh/cipher.c
--- a/crypto/dist/ssh/cipher.c  Mon Feb 26 20:26:49 2001 +0000
+++ b/crypto/dist/ssh/cipher.c  Mon Feb 26 20:26:52 2001 +0000
@@ -1,5 +1,3 @@
-/*     $NetBSD: cipher.c,v 1.1.1.1.2.2 2000/10/25 16:34:14 tv Exp $    */
-
 /*
  * Author: Tatu Ylonen <ylo%cs.hut.fi@localhost>
  * Copyright (c) 1995 Tatu Ylonen <ylo%cs.hut.fi@localhost>, Espoo, Finland
@@ -36,21 +34,93 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
-/* from OpenBSD: cipher.c,v 1.31 2000/09/12 00:38:32 deraadt Exp */
+#include "includes.h"
+RCSID("$OpenBSD: cipher.c,v 1.43 2001/02/04 15:32:23 stevesk Exp $");
 
-#include <sys/cdefs.h>
-#ifndef lint
-__RCSID("$NetBSD: cipher.c,v 1.1.1.1.2.2 2000/10/25 16:34:14 tv Exp $");
-#endif
-
-#include "includes.h"
-
-#include "ssh.h"
+#include "xmalloc.h"
+#include "log.h"
 #include "cipher.h"
-#include "xmalloc.h"
 
 #include <openssl/md5.h>
 
+
+/* no encryption */
+static void
+none_setkey(CipherContext *cc, const u_char *key, u_int keylen)
+{
+}
+static void
+none_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
+{
+}
+static void
+none_crypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
+{
+       memcpy(dest, src, len);
+}
+
+/* DES */
+static void
+des_ssh1_setkey(CipherContext *cc, const u_char *key, u_int keylen)
+{
+       static int dowarn = 1;
+       if (dowarn) {
+               error("Warning: use of DES is strongly discouraged "
+                   "due to cryptographic weaknesses");
+               dowarn = 0;
+       }
+       des_set_key((void *)key, cc->u.des.key);
+}
+static void
+des_ssh1_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
+{
+       memset(cc->u.des.iv, 0, sizeof(cc->u.des.iv));
+}
+static void
+des_ssh1_encrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
+{
+       des_ncbc_encrypt(src, dest, len, cc->u.des.key, &cc->u.des.iv,
+           DES_ENCRYPT);
+}
+static void
+des_ssh1_decrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
+{
+       des_ncbc_encrypt(src, dest, len, cc->u.des.key, &cc->u.des.iv,
+           DES_DECRYPT);
+}
+
+/* 3DES */
+static void
+des3_setkey(CipherContext *cc, const u_char *key, u_int keylen)
+{
+       des_set_key((void *) key, cc->u.des3.key1);
+       des_set_key((void *) (key+8), cc->u.des3.key2);
+       des_set_key((void *) (key+16), cc->u.des3.key3);
+}
+static void
+des3_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
+{
+       memset(cc->u.des3.iv2, 0, sizeof(cc->u.des3.iv2));
+       memset(cc->u.des3.iv3, 0, sizeof(cc->u.des3.iv3));
+       if (iv == NULL)
+               return;
+       memcpy(cc->u.des3.iv3, (char *)iv, 8);
+}
+static void
+des3_cbc_encrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
+{
+       des_ede3_cbc_encrypt(src, dest, len,
+           cc->u.des3.key1, cc->u.des3.key2, cc->u.des3.key3,
+           &cc->u.des3.iv3, DES_ENCRYPT);
+}
+static void
+des3_cbc_decrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
+{
+       des_ede3_cbc_encrypt(src, dest, len,
+           cc->u.des3.key1, cc->u.des3.key2, cc->u.des3.key3,
+           &cc->u.des3.iv3, DES_DECRYPT);
+}
+
 /*
  * This is used by SSH1:
  *
@@ -66,46 +136,71 @@
  * choosing the X block.
  */
 static void
-SSH_3CBC_ENCRYPT(des_key_schedule ks1,
-                des_key_schedule ks2, des_cblock * iv2,
-                des_key_schedule ks3, des_cblock * iv3,
-                unsigned char *dest, unsigned char *src,
-                unsigned int len)
+des3_ssh1_setkey(CipherContext *cc, const u_char *key, u_int keylen)
+{
+       des_set_key((void *) key, cc->u.des3.key1);
+       des_set_key((void *) (key+8), cc->u.des3.key2);
+       if (keylen <= 16)
+               des_set_key((void *) key, cc->u.des3.key3);
+       else
+               des_set_key((void *) (key+16), cc->u.des3.key3);
+}
+static void
+des3_ssh1_encrypt(CipherContext *cc, u_char *dest, const u_char *src,
+    u_int len)
 {
        des_cblock iv1;
+       des_cblock *iv2 = &cc->u.des3.iv2;
+       des_cblock *iv3 = &cc->u.des3.iv3;
+
+       memcpy(&iv1, iv2, 8);
+
+       des_ncbc_encrypt(src,  dest, len, cc->u.des3.key1, &iv1, DES_ENCRYPT);
+       des_ncbc_encrypt(dest, dest, len, cc->u.des3.key2, iv2, DES_DECRYPT);
+       des_ncbc_encrypt(dest, dest, len, cc->u.des3.key3, iv3, DES_ENCRYPT);
+}
+static void
+des3_ssh1_decrypt(CipherContext *cc, u_char *dest, const u_char *src,
+    u_int len)
+{
+       des_cblock iv1;
+       des_cblock *iv2 = &cc->u.des3.iv2;
+       des_cblock *iv3 = &cc->u.des3.iv3;
 
        memcpy(&iv1, iv2, 8);
 
-       des_cbc_encrypt(src, dest, len, ks1, &iv1, DES_ENCRYPT);
-       memcpy(&iv1, dest + len - 8, 8);
-
-       des_cbc_encrypt(dest, dest, len, ks2, iv2, DES_DECRYPT);
-       memcpy(iv2, &iv1, 8);   /* Note how iv1 == iv2 on entry and exit. */
-
-       des_cbc_encrypt(dest, dest, len, ks3, iv3, DES_ENCRYPT);
-       memcpy(iv3, dest + len - 8, 8);
+       des_ncbc_encrypt(src,  dest, len, cc->u.des3.key3, iv3, DES_DECRYPT);
+       des_ncbc_encrypt(dest, dest, len, cc->u.des3.key2, iv2, DES_ENCRYPT);
+       des_ncbc_encrypt(dest, dest, len, cc->u.des3.key1, &iv1, DES_DECRYPT);
 }
 
+/* Blowfish */
 static void
-SSH_3CBC_DECRYPT(des_key_schedule ks1,
-                des_key_schedule ks2, des_cblock * iv2,
-                des_key_schedule ks3, des_cblock * iv3,
-                unsigned char *dest, unsigned char *src,
-                unsigned int len)
+blowfish_setkey(CipherContext *cc, const u_char *key, u_int keylen)
+{
+       BF_set_key(&cc->u.bf.key, keylen, (u_char *)key);
+}
+static void
+blowfish_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
 {
-       des_cblock iv1;
-
-       memcpy(&iv1, iv2, 8);
-
-       des_cbc_encrypt(src, dest, len, ks3, iv3, DES_DECRYPT);
-       memcpy(iv3, src + len - 8, 8);
-
-       des_cbc_encrypt(dest, dest, len, ks2, iv2, DES_ENCRYPT);
-       memcpy(iv2, dest + len - 8, 8);
-
-       des_cbc_encrypt(dest, dest, len, ks1, &iv1, DES_DECRYPT);
-       /* memcpy(&iv1, iv2, 8); */
-       /* Note how iv1 == iv2 on entry and exit. */
+       if (iv == NULL)
+               memset(cc->u.bf.iv, 0, 8);
+       else
+               memcpy(cc->u.bf.iv, (char *)iv, 8);
+}
+static void
+blowfish_cbc_encrypt(CipherContext *cc, u_char *dest, const u_char *src,
+     u_int len)
+{
+       BF_cbc_encrypt((void *)src, dest, len, &cc->u.bf.key, cc->u.bf.iv,
+           BF_ENCRYPT);
+}
+static void
+blowfish_cbc_decrypt(CipherContext *cc, u_char *dest, const u_char *src,
+     u_int len)
+{
+       BF_cbc_encrypt((void *)src, dest, len, &cc->u.bf.key, cc->u.bf.iv,
+           BF_DECRYPT);
 }
 
 /*
@@ -113,7 +208,7 @@
  * and after encryption/decryption. Thus the swap_bytes stuff (yuk).
  */
 static void
-swap_bytes(const unsigned char *src, unsigned char *dst, int n)
+swap_bytes(const u_char *src, u_char *dst, int n)
 {
        char c[4];
 
@@ -131,88 +226,255 @@
        }
 }
 
-/*
- * Names of all encryption algorithms.
- * These must match the numbers defined in cipher.h.
- */
-static char *cipher_names[] =
+static void
+blowfish_ssh1_encrypt(CipherContext *cc, u_char *dest, const u_char *src,
+    u_int len)
+{
+       swap_bytes(src, dest, len);
+       BF_cbc_encrypt((void *)dest, dest, len, &cc->u.bf.key, cc->u.bf.iv,
+           BF_ENCRYPT);
+       swap_bytes(dest, dest, len);
+}
+static void
+blowfish_ssh1_decrypt(CipherContext *cc, u_char *dest, const u_char *src,
+    u_int len)
+{
+       swap_bytes(src, dest, len);
+       BF_cbc_encrypt((void *)dest, dest, len, &cc->u.bf.key, cc->u.bf.iv,
+           BF_DECRYPT);
+       swap_bytes(dest, dest, len);
+}
+
+/* alleged rc4 */
+static void
+arcfour_setkey(CipherContext *cc, const u_char *key, u_int keylen)
+{
+       RC4_set_key(&cc->u.rc4, keylen, (u_char *)key);
+}
+static void
+arcfour_crypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
+{
+       RC4(&cc->u.rc4, len, (u_char *)src, dest);
+}
+
+/* CAST */
+static void
+cast_setkey(CipherContext *cc, const u_char *key, u_int keylen)
+{
+       CAST_set_key(&cc->u.cast.key, keylen, (u_char *) key);
+}
+static void
+cast_setiv(CipherContext *cc, const u_char *iv, u_int ivlen)
+{
+       if (iv == NULL)
+               fatal("no IV for %s.", cc->cipher->name);
+       memcpy(cc->u.cast.iv, (char *)iv, 8);
+}
+static void
+cast_cbc_encrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
+{
+       CAST_cbc_encrypt(src, dest, len, &cc->u.cast.key, cc->u.cast.iv,
+           CAST_ENCRYPT);
+}
+static void
+cast_cbc_decrypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
+{
+       CAST_cbc_encrypt(src, dest, len, &cc->u.cast.key, cc->u.cast.iv,
+           CAST_DECRYPT);
+}
+
+/* RIJNDAEL */
+
+#define RIJNDAEL_BLOCKSIZE 16
+static void
+rijndael_setkey(CipherContext *cc, const u_char *key, u_int keylen)
+{
+       rijndael_set_key(&cc->u.rijndael.enc, (u4byte *)key, 8*keylen, 1);
+       rijndael_set_key(&cc->u.rijndael.dec, (u4byte *)key, 8*keylen, 0);
+}
Home | Main Index | Thread Index | Old Index